BACKCLICK
Products
1- 10 CVEs
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-44001 | 0.00 | — | 0.00 | Nov 17, 2022 | An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. | |||
| CVE-2022-44008 | 0.00 | — | 0.00 | Nov 16, 2022 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly. | |||
| CVE-2022-44004 | 0.00 | — | 0.02 | Nov 16, 2022 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password. | |||
| CVE-2022-44003 | 0.00 | — | 0.00 | Nov 16, 2022 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations. | |||
| CVE-2022-44007 | 0.00 | — | 0.00 | Nov 16, 2022 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation. | |||
| CVE-2022-44002 | 0.00 | — | 0.00 | Nov 16, 2022 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations. | |||
| CVE-2022-43999 | 0.00 | — | 0.00 | Nov 16, 2022 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server. | |||
| CVE-2022-44006 | 0.00 | — | 0.06 | Nov 16, 2022 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is… | |||
| CVE-2022-44005 | 0.00 | — | 0.00 | Nov 16, 2022 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other… | |||
| CVE-2022-44000 | 0.00 | — | 0.00 | Nov 16, 2022 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server. |
- CVE-2022-44001Nov 17, 2022risk 0.00cvss —epss 0.00
An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed.
- CVE-2022-44008Nov 16, 2022risk 0.00cvss —epss 0.00
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly.
- CVE-2022-44004Nov 16, 2022risk 0.00cvss —epss 0.02
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password.
- CVE-2022-44003Nov 16, 2022risk 0.00cvss —epss 0.00
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations.
- CVE-2022-44007Nov 16, 2022risk 0.00cvss —epss 0.00
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation.
- CVE-2022-44002Nov 16, 2022risk 0.00cvss —epss 0.00
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations.
- CVE-2022-43999Nov 16, 2022risk 0.00cvss —epss 0.00
An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server.
- CVE-2022-44006Nov 16, 2022risk 0.00cvss —epss 0.06
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is…
- CVE-2022-44005Nov 16, 2022risk 0.00cvss —epss 0.00
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other…
- CVE-2022-44000Nov 16, 2022risk 0.00cvss —epss 0.00
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server.